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REMARKS/ARGUMENTS 
The arguments presented herein include the arguments Applicants discussed with the 
Examiner during phone interview dated September 22, 2009. The Examiner said that the 
arguments seemed persuasive and requested Applicants to submit the discussed arguments for 
reconsideration, which Applicants present herein. Applicants submit that the arguments 
presented herein make the substance of the phone interview of record to comply with 37 CFR 
1.133. If the Examiner believes that further information on the interview needs to be made of 
record to comply with the requirements, Applicants request the Examiner to identify such further 
information. 

1. Claims 31, 32. 34. and 40-46 are Patentable Over the Cited Art 

The Examiner rejected claims 31, 34, and 40-46 as obvious (35 U.S.C. §103(a)) over 
Sheinis (U.S. Patent Pub. No. 2004/0019809) in view of Srivastava (U.S. Patent Pub. No. 
2002/0120685). Applicants traverse. 

Claim 31, 47, and 56 require receiving a call request from a user to execute an object; 
determining an access authority for the user; acquiring an object access authority set for the 
object indicating access authorities for methods called by the object; comparing the user access 
authority and the object access authority set to determine whether the user access authority 
permits access to the methods called by the object; and searching a storage section storing 
execution results for a previous execution of the object prior to executing the call request and in 
response to determining that the user access authority permits access to the methods called by the 
object. 

The Examiner cited paras. 90-98 and 109-1 13 of Sheinis as teaching the claim 
requirement of acquiring an object access authority set for the object (to execute) indicating 
access authorities for methods called by the object. (OA3, pg. 3) Applicants traverse. 

The cited para. 90 mentions determining whether a call on an interface is authorized for a 
user on whose behalf the call was made. An EJB (Enterprise Java Bean) proxy determines 
whether the call is authorized and extracts security characteristics from the call, which can 
include the type of call and identity of the user making call, to make this determination. The 
cited para. 91 mentions that the EJB proxy provides security characteristics to an access control 
manager. The cited para. 92 mentions that the access control manager obtains access rules for 
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security characteristics and rules specific to the call made. The cited para. 93 discusses 
examining access control rules to determine whether to approve or reject a call by determining 
whether the call is allowed. Paras 93 and 94 discuss example of rules that indicate to allow or 
not allow a type of call. Para. 95 mentions that the access control manager queries a policy 
manager for authorization to make the call. The cited para. 96 mentions that the policy manager 
determines authorization given access control rules for the call and identity of the user. The 
cited para. 97 mentions the policy manager verifying that the logged-in user has access to the 
entity bean and compares the roles and para. 98 discusses the policy manager responding as to 
whether the call is authorized. 

The cited paras. 90-98 discuss rules indicating whether a type of call is allowed. This 
discussion of determining whether a type of call is allowed does not teach or suggest the claim 
requirement of an access authority set for an object indicating access authorities of methods that 
the object calls. The Examiner has not shown where paras. 90-98 teach or mention looking at 
access authorities of methods called by the object subject to the call request from the user. 

The cited paras. 109-1 13 are similarly deficient. The cited para. 109 mentions verifying 
whether the user has authority to access an entity. The cited para. 1 1 0 mentions when the 
security check is performed. The cited para. 1 1 1 mentions determining if a user can access 
arguments of an EJB method. The cited paras. 1 12 and 1 13 mentions that access control can be 
determined before or after the call. These cited paras. 109-1 13 do not teach the claim 
requirement of acquiring an object access authority set for the object indicating access authorities 
for methods called by the object. Instead, the cited Sheinis discusses looking at the authority of 
the user call to the object, not looking at the access authorities of methods called by the called 
object. 

The Examiner cited paras. 70, 89, 220, and 345-347 of Srivastava as teaching the claim 
requirement of searching a storage section storing execution results for a previous execution of 
the object prior to executing the call request and in response to determining that the user access 
authority permits access to the methods called by the object. (OA3, pg. 3) Applicants traverse. 

The cited para. 70 discusses caching parameters. The cited para. 89 mentions that 
caching information may be stored for each service indicating the extent to which output data for 
the service should be cached. The cited para. 220 mentions an execution manger that checks for 
availability of cached service responses before executing a service and if a response is available, 
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no service will be executed and a cached response is returned. The cited para. 345 mentions that 
service components attempt to read information from the cache, and if not in cache read from the 
registries. Para. 346 mentions that service caches may be implemented as database tables. The 
cited para. 347 mentions that when a service engine starts-up, it populates the service cache and 
updates entries. 

Although the cited Srivastava discusses returning service responses from cache before 
executing a service, there is no teaching or suggestion of the claim requirement of searching a 
storage section storing execution results for a previous execution of the object prior to executing 
the call request and in response to determining that the user access authority permits access to the 
methods called by the object. The cited col. 26 nowhere teaches or mentions searching for 
results for a previous execution of an object in response to determining that the user access 
authority permits access to the methods called by the object. 

Accordingly, claims 3 1 , 47, and 56 arc patentable over the cited art because the cited 
Sheinis and Srivastava do not teach or suggest all the claim requirements. 

Claims 31-34 and 40-46, 48-55, and 57-64 are patentable over the cited art because they 
depend from one of claims 3 1, 47, and 56, which are patentable over the cited art for the reasons 
discussed above, and because the combination of these dependent claims with the base and any 
intervening claims provide further grounds of patentability over the cited art. 

Claims 40, 50, and 59 depend from claim 31, 47, and 56, respectively, and further require 
determining methods called by the object; determining an access authority for each determined 
method; generating the object access authority set to comprise the determined access authorities 
of the determined methods, wherein the object access authority set indicates access authorities 
needed to execute the determined methods. 

The Examiner cited the above discussed paras. 90-98 and 109-1 13 of Sheinis as teaching 
the additional requirements of these claims. (OA3, pgs. 4-5) Applicants traverse. 

As discussed, the cited paragraphs of Sheinis discuss determining whether a call is 
allowed from a user by examining rules on types of permissible calls. The cited Sheinis does not 
teach determining an access authority for each determined method to generate the object access 
authority set to indicate access authorities needed to execute the methods called by the object. 
Instead, the cited Sheinis discusses determining whether a call by a user is permitted, not the 
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claim requirement of determining methods called by the object subject to the user call and then 
determining the access authority for each method the called object calls. 

Accordingly, claims 40, 50, and 59 provide additional grounds of patentability over the 
cited art because the cited combination of Sheinis and Srivastava do not teach or suggest the 
additional requirements of these claims. 

Claims 41,51, and 60 depend from claims 40, 40, and 59, respectively, and further 
require that determining the access authority for each determined method calling additional 
methods comprises determining the access authorities of the additional methods called by the 
method, wherein the object access authority set for the method additionally includes the 
determined access authorities of the additional methods called by the method. 

The Examiner cited paras. 72, 1 14, and 130 of Sheinis as teaching the additional 
requirements of these claims. (OA3, pg. 5) Applicants traverse 

The cited para. 72 mentions that an EJB proxy is generated in response to a request to a 
service locator for a home interface. When a servlet requests a home interface from a service 
locator, an EJB proxy is dynamically generated to provide a supra-interface for the servlet 
through which the servlet can access the home interface. This allows the EJB to control access. 
The service locator wraps the home interface in the EJB proxy to control access. The cited para. 
1 14 mentions ensuring that the user represented by the call has access to the entities he created. 
The cited para. 130 mentions a role of viewer and administrator, where the viewer is permitted to 
call a method to view a salary in an employee record and an administrator may call methods to 
create, view, modify and delete an employee record. 

Although the cited paragraphs of Sheinis discuss how to control the calls different users 
may make to access a record, there is no teaching or suggestion that for each determined method 
of an object calling additional methods, determining the access authorities of the additional 
methods called by the method. Further, the Examiner has not cited where Sheinis teaches that an 
object access authority set for the method additionally includes the determined access authorities 
of the additional methods called by the method. Instead, the cited Sheinis discusses how to 
determine when a call may be made, not to determine the access authority of additional methods 
called by methods called by the object to include in an access authority set for the object. The 
Examiner has not cited where Sheinis teaches an access authority set having the access 
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authorities for all methods called by an object and additional methods called by the methods of 
the object. 

Accordingly, claims 41,51, and 60 provide additional grounds of patentability over the 
cited art because the cited combination of Sheinis and Srivastava do not teach or suggest the 
additional requirements of these claims. 

Claim 42, 52, and 61 depend from claims 40, 50, and 59, respectively, and further require 
that access to the execution results is not granted to the user if the access authority for one 
determined method is unknown. 

The Examiner cited the above discussed paras. 93, 94, and 97 of Sheinis as teaching the 
additional requirements of these claims. (OA3, pg. 5) Applicants traverse. 

Although the cited paras. 93, 94, and 74 discuss rules indicating whether a type of call is 
allowed and determining whether a type of call is allowed, this does not teach or suggest the 
claim requirements that access to the execution results of executing the method called by the 
object is not granted if the access authority for one method called by the object the user wants to 
access is unknown.. The Examiner has not cited any part of Sheinis or other art that teaches 
denying access to the execution results if the access authority of one method called by the 
requested object is unknown. 

Accordingly, claims 42, 52, and 61 provide additional grounds of patentability over the 
cited art because the cited combination of Sheinis and Srivastava do not teach or suggest the 
additional requirements of these claims. 

Claims 43, 53, and 62 depend from claims 42, 52, and 61, and further requires that the 
object is executed even if access to the execution results is not granted. 

The Examiner cited the above discussed paras 93-94 of Sheinis as teaching the additional 
requirements of these claims. (OA, pg. 5) Applicants traverse. 

Applicants submit that the discussion in Sheinis of rules indicating whether a type of call 
is allowed and determining whether a type of call is allowed does not teach or suggest that an 
object is executed even if access to execution results is not granted. The Examiner has not cited 
where Sheinis or other cited art teaches or suggests the distinction of the claims of executing an 
object even if access to execution results are not granted. 
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Accordingly, claims 43, 53, and 62 provide additional grounds of patentability over the 
cited art because the cited combination of Sheinis and Srivastava do not teach or suggest the 
additional requirements of these claims. 

Conclusion 

For all the above reasons, Applicant submits that the pending claims 31-34 and 40-64 are 
patentable. Should any additional fees be required beyond those paid, please charge Deposit 
Account No. 09-0460. 

The attorney of record invites the Examiner to contact him at (310) 553-7977 if the 
Examiner believes such contact would advance the prosecution of the case. 



Dated: September 29, 2009 By: /David Victor/ 

David W. Victor 
Registration No. 39,867 

Please direct all correspondences to: 

David W. Victor 

Konrad Raynes & Victor, LLP 

315 South Beverly Drive, Ste. 210 

Beverly Hills, CA 90212 

Tel: (310)553-7977 

Fax:310-556-7984 
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